diff --git a/apps/dbgate/configs.tf b/apps/dbgate/configs.tf index da957d2..a8f7e60 100644 --- a/apps/dbgate/configs.tf +++ b/apps/dbgate/configs.tf @@ -51,6 +51,26 @@ locals { connection_secrets = merge(local.pg_secrets,local.mongo_secrets) } + +resource "kubectl_manifest" "dbgate-init" { + yaml_body = <<-EOF + apiVersion: v1 + kind: ConfigMap + metadata: + name: "${var.component}-${var.instance}-init" + namespace: "${var.namespace}" + labels: ${jsonencode(local.common-labels)} + data: + start.sh: |- + cp /etc/local-ca/ca.crt /usr/local/share/ca-certificates/ + /usr/sbin/update-ca-certificates + /bin/su - node -c /entrypoint.sh "$@" + sleep infinity + EOF +} + + + resource "kubectl_manifest" "dbgate-config" { yaml_body = <<-EOF apiVersion: v1 diff --git a/apps/dbgate/deploy.tf b/apps/dbgate/deploy.tf index 6172187..47438c9 100644 --- a/apps/dbgate/deploy.tf +++ b/apps/dbgate/deploy.tf @@ -22,8 +22,7 @@ resource "kubectl_manifest" "deploy" { securityContext: fsGroup: 1000 runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 + runAsUser: 0 envFrom: - secretRef: name: "${var.component}-${var.instance}" @@ -42,6 +41,8 @@ resource "kubectl_manifest" "deploy" { secretKeyRef: name: "${var.component}-${var.instance}-secret" key: client-secret + command: + - /start.sh image: "${var.images.dbgate.registry}/${var.images.dbgate.repository}:${var.images.dbgate.tag}" imagePullPolicy: "${var.images.dbgate.pullPolicy}" ports: @@ -72,6 +73,9 @@ resource "kubectl_manifest" "deploy" { readOnly: true - name: data mountPath: /home/node/.dbgate + - name: init + mountPath: "/start.sh" + subPath: "start.sh" restartPolicy: Always securityContext: fsGroup: 1000 @@ -88,5 +92,9 @@ resource "kubectl_manifest" "deploy" { claimName: "${var.component}-${var.instance}" - name: run emptyDir: {} + - name: init + configMap: + name: "${var.component}-${var.instance}-init" + defaultMode: 0777 EOF } diff --git a/apps/dbgate/index.yaml b/apps/dbgate/index.yaml index e058652..73fad76 100644 
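Review bot: The new `start.sh` in the `dbgate-init` ConfigMap has no interpreter line and no error handling, and it ends in `sleep infinity`, so a failed CA import or a crashed dbgate process leaves the pod looking healthy instead of being restarted. deploy.tf in this commit runs the file directly via `command: - /start.sh`, and a script without a shebang will probably be rejected by the container runtime with an exec format error; begin it with `#!/bin/sh` and `set -eu`. Replace the last two lines with `exec su - node -c /entrypoint.sh` so the container exits when the application does. The `"$@"` is handed to `su` after `-c` rather than to the entrypoint, and no `args` are configured in the visible hunks anyway.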
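Review bot: Dropping `runAsNonRoot: true` and setting `runAsUser: 0` in the first deploy.tf hunk starts the dbgate workload as root, and nothing visible limits that root (no `allowPrivilegeEscalation: false`, no `capabilities: drop`); the rest of the `deploy` manifest lies outside the hunk, so this should be confirmed there. Root is only needed for the `update-ca-certificates` step of the new start script, while the process that receives the database credentials through `envFrom` could stay unprivileged. Consider keeping `runAsNonRoot: true` and `runAsUser: 1000` and trusting the local CA without root, for example with an initContainer that writes the CA bundle to a shared `emptyDir`, or, if dbgate's Node runtime honours it, by setting `NODE_EXTRA_CA_CERTS` to `/etc/local-ca/ca.crt`. If root has to stay, state why next to the field, e.g. `# root only for update-ca-certificates in /start.sh; the app runs as node via su`, and drop capabilities explicitly.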
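Review bot: `defaultMode: 0777` on the `init` configMap volume in the last deploy.tf hunk marks the start script writable and executable for every user, which is more than a file that is executed once at container start needs. ConfigMap volumes are mounted read-only, so the write bits buy nothing and only weaken the declared intent; `defaultMode: 0555` is enough for `/start.sh` to run. The `deploy` resource begins outside this hunk.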
--- a/apps/dbgate/index.yaml
+++ b/apps/dbgate/index.yaml
@@ -6,38 +6,6 @@ metadata:
 name: dbgate
 description: null
 options:
- sub-domain:
- default: dbgate
- examples:
- - dbgate
- type: string
- storage:
- default:
- accessMode: ReadWriteOnce
- size: 1Gi
- type: Filesystem
- examples:
- - accessMode: ReadWriteOnce
- size: 1Gi
- type: Filesystem
- properties:
- accessMode:
- default: ReadWriteOnce
- enum:
- - ReadWriteOnce
- - ReadOnlyMany
- - ReadWriteMany
- type: string
- size:
- default: 1Gi
- type: string
- type:
- default: Filesystem
- enum:
- - Filesystem
- - Block
- type: string
- type: object
 maria:
 default: []
 examples:
@@ -67,60 +35,16 @@ options:
 type: string
 type: object
 type: array
- mongo:
- default: []
+ app-group:
+ default: dev
 examples:
- - []
- items:
- properties:
- dbname:
- default: ''
- type: string
- name:
- default: ''
- type: string
- namespace:
- default: ''
- type: string
- secret:
- properties:
- key:
- default: ''
- type: string
- name:
- default: ''
- type: string
- type: object
- username:
- default: ''
- type: string
- type: object
- type: array
- issuer:
- default: letsencrypt-prod
- examples:
- - letsencrypt-prod
- type: string
- domain-name:
- default: your_company.com
- examples:
- - your_company.com
+ - dev
 type: string
 domain:
 default: your-company
 examples:
 - your-company
 type: string
- ingress-class:
- default: traefik
- examples:
- - traefik
- type: string
- app-group:
- default: dev
- examples:
- - dev
- type: string
 images:
 default:
 dbgate:
@@ -189,6 +113,82 @@ options:
 type: string
 type: object
 type: array
+ sub-domain:
+ default: dbgate
+ examples:
+ - dbgate
+ type: string
+ issuer:
+ default: letsencrypt-prod
+ examples:
+ - letsencrypt-prod
+ type: string
+ mongo:
+ default: []
+ examples:
+ - []
+ items:
+ properties:
+ dbname:
+ default: ''
+ type: string
+ name:
+ default: ''
+ type: string
+ namespace:
+ default: ''
+ type: string
+ secret:
+ properties:
+ key:
+ default: ''
+ type: string
+ name:
+ default: ''
+ type: string
+ type: object
+ username:
+ default: ''
+ type: string
+ type: object
+ type: array
+ ingress-class:
+ default: traefik
+ examples:
+ - traefik
+ type: string
+ domain-name:
+ default: your_company.com
+ examples:
+ - your_company.com
+ type: string
+ storage:
+ default:
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ type: Filesystem
+ examples:
+ - accessMode: ReadWriteOnce
+ size: 1Gi
+ type: Filesystem
+ properties:
+ accessMode:
+ default: ReadWriteOnce
+ enum:
+ - ReadWriteOnce
+ - ReadOnlyMany
+ - ReadWriteMany
+ type: string
+ size:
+ default: 1Gi
+ type: string
+ type:
+ default: Filesystem
+ enum:
+ - Filesystem
+ - Block
+ type: string
+ type: object
 dependencies:
 - dist: null
 category: share